CVE-2022-4361
Published 2023-07-07
Severity: Medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| redhat | keycloak | < 21.1.2 | 21.1.2 |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform_for_ibm_linuxone | — | — |
| redhat | openshift_container_platform_for_ibm_linuxone | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | openshift_container_platform_for_power | — | — |
| redhat | single_sign-on | >= 7.6 < 7.6.4 | 7.6.4 |